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Tn t-hft Claims : 

Please cancel Claims 1 to 6. 

Please add new Claims 7 to 17. 

7 A method for providing security to a chaining of 
useful operations, of a same type, performed by an electronic 
circuit executing an algorithm, each of the useful operations 

^ * .tPD of the algorithm, the method 
corresponding to a step or 

comprising: ^ 
. randomly introducing at least one dummy operation of 

the same type in the chaining of useful operations. 
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8. A method according to Claim 7, further comprising 
maintaining a constant time interval between execution of two 
successive useful operations. 

9. A method according to Claim 7 , further comprising 
maintaining a constant time interval between execution of two 
successive dummy operations. 

10. A method according to Claim 7 , further 

i comprising maintaining a constant time interval between 
3 execution of two successive useful and dummy operations. 



11. A method according to Claim 7, wherein a number 
of dummy operations is constant for each new execution of the 
algorithm. 

12. A method for providing security to an electronic 
circuit executing an algorithm, the method comprising: 

executing the algorithm so that useful operations of 
a same type are chained together, with each useful operation 
corresponding to a step of the algorithm; and 

randomly introducing at least one dummy operation of 
the same type in the chaining of useful operations. 

13. A method according to Claim 12, further 
comprising maintaining a constant time interval between 
execution of two successive useful operations. 

14. A method according to Claim 12, further 
comprising maintaining a constant time interval between 
execution of two successive dummy operations. 

2 
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15. A method according to Claim 12, further 
comprising maintaining a constant time interval between 
execution of two successive useful and dummy operations. 

16. A method according to Claim 12, wherein a number 
of dummy operations is constant for each new execution of the 
algorithm. 

17. An electronic device comprising: 

a processor for executing an algorithm that includes 
a plurality of useful operations of a same type, and a routine 
for providing security to a chaining of the plurality of 
useful operations, with each useful operation corresponding to 
a step of the algorithm, the routine randomly introducing at 
least one dummy operation of the same type in the chaining of 
useful operations . 

18. An electronic device according to Claim 17, 
wherein the routine maintains a constant time interval between 
execution of two successive useful operations. 

19. An electronic device according to Claim 17, 
wherein the routine maintains a constant time interval between 
execution of two successive dummy operations. 

20. An electronic device according to Claim 17, 
wherein the routine maintains a constant time interval between 
execution of two successive useful and dummy operations. 



21. An electronic device according to Claim 17, 
wherein a number of dummy operations is constant for each new 

3 
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execution of the algorithm. 



22. An electronic device according to Claim 17, 
wherein the electronic device is configured as a chip card. 

REMARKS 

It is believed that all of the claims are patentable 
over the prior art. For better readability and the Examiner's 
convenience, the newly submitted claims differ from the 
translated counterpart claims which are being canceled. The 
newly submitted claims do not represent changes or amendments 
that narrow the claim scope for any reason related to the 
statutory requirements for patentability. Accordingly, after 
the Examiner completes a thorough examination and finds the 
claims patentable, a Notice of Allowance is respectfully 
requested in due course. Should the Examiner determine any 
minor informalities that need to be addressed, he is 
encouraged to contact the undersigned attorney at the 
telephone number below. 

Respectfully submitted, 

MICHAEL W. TAYLOR ^ 
Reg. No. 43,182 

Allen, Dyer, Doppelt, Milbrath 

& Gilchrist, P. A. 
255 S. Orange Avenue, Suite 1401 
Post Office Box 3791 
Orlando, Florida 32802 
407-841-2330 
407-841-2343 fax 
Attorney for Applicant 
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METHOD FOR PROVIDING SECURITY TO A CHAINING OF 
OPERATIONS PERFORMED BY AN ELECTRONIC CIRCUIT WITHIN 
THE CONTEXT OF EXECUTING AN ALGORITHM 

35 Field of the Invention 

The present invention relates to the field of 
*p cryptology, and more particularly, to a method for 

lj providing security to a chaining of operations 

lu 5 performed by an electronic circuit executing an 

iS: 

Q algorithm. In the context of the invention, an 

SI alqorithm should be understood as a chaining of actions 

Hp required for accomplishing a task. Therefore, this does 

y, not necessarily mean the implementation of a computer 

10 program. 

Background of the Invention 

Cryptology may be defined as the science for 
hiding information. It forms with the physical security 
of the components and operating systems the essential 

15 dimension of security for chip cards. Cryptology 

includes cryptography which is the art of encrypting 
and decrypting messages, and cryptological analysis 
which is the art of breaking secret codes. 

In chip cards, cryptography implements 

20 various mechanisms which have the purpose of providing 
either confidentiality of the information, or 



-2- 

authentication of the cards or the users, or even the 
signature of messages. All the means which implement 
cryptography form a cryptosystem. Such cryptosystems 
contain confidential information, notably for 
5 encryption and decryption of digital messages. 

Among this confidential information, the 
encryption and decryption keys which are parameters of 
a secret agreement used for encryption and decryption 
of digital messages may be mentioned. The use of these 
10 encryption and decryption keys often requires several 
data transfers which characterizes them. When they are 
C| used within a cryptosystem, the characteristic data of 

digital keys and other confidential information flow 
between various memory or processing registers and 
15 modules. These transfers between registers and/or 

modules are expressed by the appearance of electrical 
currents or magnetic fields bearing pieces of 
confidential information. These pieces of confidential 
information may for example, relate to the encryption 
20 and decryption keys. 

Such cryptosystems pose a problem of 
visibility from the outside world. A measurement of 
the electrical signals or the magnetic fields arising 
from the exchanges of information between different 
25 portions of the circuit may provide access to pieces of 
confidential information which are involved in the 
protection of data by the encryption or decryption 
system. For example, one of the electrical signals may 
be located at the power supply contact of the circuit, 
30 whether the latter is internal or external. 

When the digital key is used by an authorized 
component, such as a chip card, a certain visibility, 
for example on the digital key, is made possible by 
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investigating such electrical signals- The sensitive 
electrical signals may be observed on different 
contacts of the circuit, notably connecting different 
memory or processing registers or modules. 
5 A digital key may thus be discovered as a 

result of accumulating electrical or magnetic signal 
measurements and of a statistical analysis of these 
measurements. More generally, any electronic circuit 
has an electrical consumption related to the operations 

10 which it carries out. It is possible to discover hidden 
information in the circuit by measuring this 
consumption. This problem is posed in any secured 
component, and notably in components for chip cards. 

Discovery of protected data by observation of 

15 the current generally requires a reproducibility of the 
current measurement to carry out statistical 
processing. Thus, when an electronic circuit executes 
an algorithm containing identical or similar and 
recurrent operations, such as transfer of confidential 

20 data between registers, and where fine observation of 
the operations one by one may disclose confidential 
information, a statistical analysis based on the 
measurement of the aforementioned electrical currents 
may be detrimental to the security of the electronic 

25 circuit. 

Summary of the Invention 

An object of the present invention is to find 
a remedy to the problems which have just been 
described. Accordingly, a method for avoiding a 
30 disclosure by observation of the current of protected 
data is provided. For this purpose, the method for 
providing security to a chaining of operations 



performed by an electronic circuit executing an 
algorithm provides invisibility with regards to 
analysis of electrical signals related to data 
transfers between various registers. More 
specif ically, the security is provided by the presence 
of parasitic information which interferes with the 
observation, from the outside of the electronic 
circuit, of physical phenomena associated with the 
execution of useful operations. 

To achieve this object, the invention inserts 
dummy operations in a chaining of useful operations of 
the same type, which is carried out in the context of 
executing an algorithm. The dummy operations are very 
similar to the useful operations. Each dummy operation 
is inserted at a random line for each execution of the 
algorithm. Thus, acquisition of comparable current 
measurements becomes very difficult. 

A dummy operation may be designed as an 
operation having an identical signature or virtually 
very close to a useful operation in terms of the 
observable physical parameters associated with the 
execution of this instruction (e.g., current 
consumption, magnetic radiation, etc.). These physical 
parameters may notably be detected at a current or 
voltage supply terminal of the circuit. In this way, 
the present dummy operations cannot be detected, sample 
by sample, and therefore they prevent any statistical 
analysis or at least make it very difficult. 

The invention accordingly relates to a method 
for providing security to a chaining of useful 
operations, of the same type, performed by an 
electronic circuit in the context of executing an 
algorithm. Each of the useful operations corresponds 
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to a step of the algorithm, characterized in that the 
method comprises randomly introducing one or several 
dummy operations of the same type in the chaining of 
useful operations . 
5 A dummy operation of the same type as a 

useful operation may assume various forms according to 
the relevant application, from the moment that it has 
physical characteristics which appear identical or 
sufficiently close to a useful operation to make its 

10 detection difficult. As a non-limiting example, a 
dummy operation may be the real execution of a 
calculation, but without recording the result in 
memory, or with recording but in an inoperative memory 
for the relevant operation. 

15 False calculations or false subsets of 

operations may thus be introduced with the dummy 
operations. The present invention also relates to an 
electronic device for executing an algorithm, for 
example a chip card, characterized in that it 

20 implements the aforementioned method for providing 

security, possibly with the optional aspects which are 
described below. 

Various aspects and advantages of the 
invention will become more clearly apparent in the 

25 following description, which shows a preferred 

embodiment of the method according to the invention and 
which is only given indicatively and by no means as 
limiting the invention. 

Detailed Description of the Preferred Embodiments 

30 According to a preferred embodiment of the 

invention, a certain number of dummy operations are 
inserted between useful operations, of the same type, 
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performed by an electronic circuit executing an 
algorithm. These dummy operations are introduced in a 
random way, and may be introduced in any useful 
operation associated with the algorithm. 
5 One or several dummy operations may also be 

found before the first useful operation associated with 
an algorithm, or after the last useful operation 
associated with an algorithm. Several consecutive 
dummy operations may also be found. To provide 
10 different series of current measurements at each 

execution of a same algorithm, new random operations 
are introduced in each execution of an algorithm. 

However, in a preferred application, the 
method according to the invention comprises the 
15 additional step of maintaining a constant time interval 
between the performance of two operations, whether they 
jL, are successive useful and/or dummy operations. Thus, 

® the insertion of dummy operations does not obviously 

j* appear upon a time investigation of the electrical 

^ 20 signals associated with the useful operations performed 

by an electronic circuit in the context of executing an 
algorithm. 

Finally, it is preferable but not mandatory 
that the number of dummy operations introduced in the 
25 chaining of useful operations be constant for each new 
execution of the algorithm. Thus, the execution time 
of the algorithm in its whole is the same for each 
execution of the algorithm. The fact that dummy 
operations have been introduced is thus invisible upon 
30 a first analysis, which again provides better security 
for the chaining of useful operations. 

According to the invention, it is also 
possible to distribute the random operations only on 



certain portions of the algorithm. Further, the method 
according to invention may also be applied to 
algorithms having operations which are ordered, i.e., 
the useful operations must be chained in an order which 
cannot be changed. The number of introduced dummy 
operations in a preferred application of the invention 
is on the order of 2 percent based on the total number 
of performed operations. 
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THAT WHICH IS CLAIMED IS: 

1. A method for providing security to a 
chaining of useful operations, of the same type, 
performed by an electronic circuit in the context of 
executing an algorithm, each of the useful operations 

5 corresponding to a step of the algorithm, characterized 
in that the method comprises the step consisting of 
introducing randomly one or several dummy operations of 
the same type in the chaining of operations. 

2. The method for providing security to a 
chaining of operations of the same type, according to 
claim 1, characterized in that the method comprises the 
additional step consisting of keeping a constant time 

5 interval between the performance of two successive 
useful and/or dummy operations. 

3. The method for providing security to a 
chaining of operations of the same type, according to 
any of claims 1 or 2, characterized in that the number 
of dummy operations introduced in the chaining of 

5 operations is constant for each new execution of the 
algorithm. 

4. A use of the method according to any of 
the preceding claims, in the field of cryptography. 

5. An electronic device for executing an 
algorithm, characterized in that it implements the 
method for providing security according to any of 
claims 1 to 3. 
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6. A chip card comprising an electronic 
device for executing an algorithm, characterized in 
that it implements the method for providing security 
according to any of claims 1 to 3. 
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METHOD FOR PROVIDING SECURITY TO A CHAINING OF 
OPERATIONS PERFORMED BY AN ELECTRONIC CIRCUIT WITHIN 
THE CONTEXT OF EXECUTING AN ALGORITHM 

Abstract of the Disclosure 

A method for providing security to a chaining 
of useful operations of the same type, performed by an 
electronic circuit executing an algorithm, randomly 
5 introduces one or more dummy operations in the chaining 
of operations. This prevents any fraudulent access to 
protected data through a statistical analysis of 
electric currents . 

yp 
yQ 
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METHOD FOR PROVIDING SECURITY TO A CHAINING OF 
OPERATIONS PERFORMED BY AN ELECTRONIC CIRCUIT WITHIN 
THE CONTEXT OF EXECUTING AN ALGORITHM 



Field of the Invention 

The present invention relates to the field of 
cryptolocfY, and more particularly, to a method for 
providing security to a chaining of operations 
5 performed by an electronic circuit in the context of 
executing an algorithm. 

More — specifically, — ttre — invention relates to a 

method for providing security to an chaining of useful 
operations of the same type, — performed by an electronic 

10 circuit in the context of executing an algorithm, — the 
security being provided by the presence of parasitic 
information which interferes with the observation, — from 
the outside of the electronic circuit, — of physical 
phenomena associated with the execution of useful 

15 operations . 

= In ^he context of the invention, an 

algorithm should be understood as a chaining of actions 
required for accomplishing a task. Therefore, this does 
not necessarily mean the implementation of a computer 

20 program. 

The field of application of the invention, — irs- 

essentially the field of eryptology. — 
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Background of the Invention 

Cryptology may be defined as the science for 
hiding information. It forms with the physical security 
of the components and operating systemsy the essential 
5 dimension of security for chip cards. Cryptology 

includes cryptography which is the art for encryption of 
encrypting and decrypt ion decrvpting messages^ and 
cryptological analysis which is the art of breaking 
secrete codes. 
10 In chip cards, cryptography implements 

various mechanisms which have the purpose of providing 
J either confidentiality of the information, or 

?f authentication of the cards or the users, or even the 

:JS signature of messages. 

!y 15 All the means which implement cryptography 

^ form a cryptosystem. Such cryptosystems contain 

p confidential information, notably for encryption and 

ifj decryption of digital messages. 

Hp Among this confidential information, the 

2 0 encryption and decryption keys which are parameters of 
a secret agreement used for encryption and decryption 
of digital messages may be mentioned. 

The use of these encryption and decryption 

keys often requires several data transfers which 

25 characterize^ them. When they are used within a 

cryptosystem, the characteristic data of digital keys 
and other confidential information flow between various 
memory or processing registers and modules. These 
transfers between registers and/or modules are 

30 expressed by the appearance of electrical currents or 
magnetic fields bearing pieces of confidential 
information. These pieces of confidential information 
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may for example, relate to the encryption and 
decryption keys. 

Such cryptosystems pose a problem of 
visibility from the outside world. Indeed, — a A 
5 measurement of the electrical signals or the magnetic 
fields arising from the exchanges of information 
between different portions of the circuit may provide 
access to pieces of confidential information which are 
involved in the protection of data by the encryption or 
10 decryption system. 

== For example, one of the electrical signals 

may be located at the power supply contact of the 
circuit, whether the latter is internal or external. 

Indeed, — wWhen the digital key is used by an 
15 authorized component, such as a chip card, a certain 
visibility^ for example™ on the digital key, is made 
possible by investigating such electrical signals. The 
sensitive electrical signals may be observed on 
4S different contacts of the circuit, notably connecting 

20 different memory or processing registers or modules. 

A digital key may thus be discovered as a 
result of accumulating electrical or magnetic signal 
measurements and of a statistical analysis of these 
measurements . 

25 More generally, any electronic circuit has 

an electrical consumption related to the operations 
which it carries out. It is possible to discover hidden 
information in the circuit by measuring this 
consumption. This problem is posed in any secured 
30 component^ and notably in components for chip cards. 

Discovery of protected data by observation of 
the current— generally requires a reproducibility of 
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the current measurement in order to carry out 
statistical processing. 

^Thus, when an electronic circuit executes an 

algorithm containing identical or similar and recurrent 
5 operations, such as transfer of confidential data 
between registers, and where fine observation of the 
operations one by one may disclose confidential 
information, a statistical analysis based on the 
measurement of the aforementioned electrical currents 
10 may be detrimental to the security of the electronic 
circuit . 

Summary of the electronic circui -trlnvgntion 

¥heAn object of the present invention is to 
find a remedy to the problems which have just been 
15 described. 

Accordingly, the invention provides a 

method for avoiding a disclosure by observation of the 
current^ of protected data is provided . 

=== For this purpose, the invention provides a 

20 method for providing security to a chaining of 

operations performed by an electronic circuit in the 
context of executing an algorith m which provides 
invisibility with regards to analysis of electrical 
signals tapon related to data transfers between various 
25 registers. More specif ically, the security is provided 
by the presence of parasitic information which 
interferes with the observation, from the outside of 
the electronic circuit, of physical phenomena 
associated with the execution of useful operations. 
30 To achieve these this objects, the invention 

provides insertion of inserts dummy operations in a 
chaining of useful operations of the same type, which 
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is carried out in the context of executing an 
algorithm. The dummy operations are very similar to the 
useful operations. Each dummy operation is inserted at 
a random line for each execution of the algorithm. ^ 
5 Thus, acquisition of comparable current measurements 
becomes very difficult. 

A dummy operation may be designed as an 
operation having an identical signature or virtually 
very close to a useful operation in terms of the 

10 observable physical parameters associated with the 
execution of this instruction ( e.g. , current 
consumption, magnetic radiation, etc.). These physical 
parameters may notably be detected at a current or 
voltage supply terminal of the circuit. In this way, 

15 the present dummy operations cannot be detected, sample 
by sample, and therefore they prevent any statistical 
analysis or at least make it very difficult. 

The invention accordingly relates to a method 
for providing security to a chaining of useful 

20 operations, of the same type, performed by an 

electronic circuit in the context of executing an 
algorithms — e. E ach of the useful operations 
cor respondincf cor responds to a step of the algorithm, 
characterized in that the method comprises the step 

25 consisting of randomly introducing one or several dummy 
operations— of the same type in the chaining of useful 
operations . 

A dummy operation of the same type as a 
useful operation may assume various forms according to 

30 the relevant application, from the moment that it has 
physical characteristics which appear identical or 
sufficiently close to a useful operation in order to 
make its detection difficulty As a non-limiting 
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example, a dummy operation may be the real execution of 
a calculation, but without recording the result in 
memory, or with recording but in an inoperative memory 
for the relevant operation. 
5 False calculations or false subsets of 

operations may thus be introduced with the dummy 
operations . 

The present invention also relates to an 

electronic device for executing an algorithm, for 

10 example a chip card, characterized in that it 

implements the aforementioned method for providing 
security, possibly with the optional aspects which are 
described in what f ollows below . 

Various aspects and advantages of the 

15 invention will become more clearly apparent in the 
following description, which shows a preferred 
embodiment of the method according to the invention and 
which is only given indicatively and by no means as 
limiting the invention, 

2 0 De-bail ed Description of -the Preferred Exabodimenfcs 

According to a preferred embodiment of the 
invention, a certain number of dummy operations are 
inserted between useful operations, of the same type, 
performed by an electronic circuit in the context of 

25 executing an algorithm. = These dummy operations are 

introduced in a random way-: — these dummy operations , and 
may be introduced in any useful operation associated 
with the algorithm. 

One or several dummy operations may also be 

30 found before the first useful operation associated with 
an algorithm^ or after the last useful operation 



associated with an algorithm. ^Several consecutive 
dummy operations may also be found. 

frr order t To provide different series of 

current measurements at each execution of a same 
5 algorithm, new random operations are introduced in each 
execution of an algorithm. 

However, in a preferred application, the 
method according to the invention comprises the 
additional step consisting of maintaining a constant 

10 time interval between the performance of two 

operations, whether they are successive useful and/or 
dummy operations. Thus, the insertion of dummy 
operations does not obviously appear upon a time 
investigation of the electrical signals associated with 

15 the useful operations performed by an electronic 
circuit in the context of executing an algorithm. 

Finally, it is preferable but not mandatory 
that the number of dummy operations introduced in the 
chaining of useful operations be constant for each new 

20 execution of the algorithm. ^Thus, the execution time 
of the algorithm in its whole is the same for each 
execution of the algorithm. The fact that dummy 
operations have been introduced is thus invisible upon 
a first analysis, which again provides better security 

25 for the chaining of useful operations. 

According to the invention, it is also 
possible to distribute the random operations only on 
certain portions of the algorithm. ^Further, the method 
according to invention may also be applied to 

30 algorithmsT — tfr e having operations— of 1 which are ordered^ 
i.e.^ the useful operations must be chained in an order 
which cannot be changed. 
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The number of introduced dummy operations 

in a preferred application of the invention is oi£n the 
order of 2 percent based on the total number of 
performed operations. 
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efc^mTHA T WHICH IS CLAI MED IS: 

1. A method for providing security to a 
chaining of useful operations, of the same type, 
performed by an electronic circuit in the context of 
executing an algorithm, each of the useful operations 

5 corresponding to a step of the algorithm, characterized 
in that the method comprises the step consisting of 
introducing randomly one or several dummy operations of 
the same type in the chaining of operations. 

2. The method for providing security to a 
chaining of operations of the same type, according to 
claim 1, characterized in that the method comprises the 
additional step consisting of keeping a constant time 

5 interval between the performance of two successive 
useful and/or dummy operations. 

3. The method for providing security to a 
chaining of operations of the same type, according to 
any of claims 1 or 2, characterized in that the number 
of dummy operations introduced in the chaining of 

5 operations is constant for each new execution of the 
algorithm. 

4 . A use of the method according to any of 
the preceding claims, in the field of cryptography. 

5. An electronic device for executing an 
algorithm, characterized in that it implements the 
method for providing security according to any of 
claims 1 to 3. 
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6. A chip card comprising an electronic 
device for executing an algorithm, characterized in 
that it implements the method for providing security 
according to any of claims 1 to 3. 
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AB3TRACT OF THE DISCLOS URE 

METHOD FOR PROVIDING SECURITY TO A CHAINING OF 
OPERATIONS PERFORMED BY AN ELECTRONIC CIRCUIT WITHIN 
THE CONTEXT OF EXECUTING AN ALGORITHM 

Abstract o£ the Disclosure 

The invention relates to 1 a A method for 

providing security to a chaining of useful operations 
of the same type, performed by an electronic circuit ±n 

5 the context of executing an algorithms The method 

according to the invention involves a step consisting 
o-fv randomly introducinq int reduces one or several more 
dummy operations in the chaining of operations-7 — ±tt 
order to . This prevents; any fraudulent access — to 
10 protect ed data through a statistical analysis of 
electric current S7 — to protected data . 
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METHOD FOR PROVIDING SECURITY TO A CHAINING OF 
OPERATIONS PERFORMED BY AN ELECTRONIC CIRCUIT WITHIN 
THE CONTEXT OF EXECUTING AN ALGORITHM 



The present invention relates to a method for 
providing security to a chaining of operations 
performed by an electronic circuit in the context of 
executing an algorithm, 
5 More specifically, the invention relates to a 

method for providing security to an chaining of useful 
operations of the same type, performed by an electronic 
circuit in the context of executing an algorithm, the 
security being provided by the presence of parasitic 
10 information which interferes with the observation, from 
the outside of the electronic circuit, of physical 
phenomena associated with the execution of useful 
operations . 

In the context of the invention, an algorithm 
15 should be understood as a chaining of actions required 
for accomplishing a task. Therefore, this does not 
necessarily mean the implementation of a computer 
program. 

The field of application of the invention, is 
20 essentially the field of cryptology. Cryptology may be 



2 



defined as the science for hiding information. It forms 
with the physical security of the components and 
operating systems, the essential dimension of security 
for chip cards. Cryptology includes cryptography which 
5 is the art for encryption and decryption messages and 
cryptological analysis which is the art of breaking 

secrete codes . 

In chip cards, cryptography implements various 
mechanisms which have the purpose of providing either 
10 confidentiality of the information, or authentication 
of the cards or the users, or even the signature of 
messages . 

All the means which implement cryptography form a 
cryptosystem. Such cryptosystems contain confidential 
15 information, notably for encryption and decryption of 

digital messages. 

Among this confidential information, the 
encryption and decryption keys which are parameters of 
a secret agreement used for encryption and decryption 
20 of digital messages may be mentioned. 

The use of these encryption and decryption keys 
often requires several data transfers which 
characterize them. When they are used within a 
cryptosystem, the characteristic data of digital keys 

2 5 and other confidential information flow between various 

memory or processing registers and modules. These 
transfers between registers and/or modules are 
expressed by the appearance of electrical currents or 
magnetic fields bearing pieces of confidential 

3 0 information. These pieces of confidential information 

may for example, relate to the encryption and 
decryption keys . 

Such cryptosystems pose a problem of visibility 
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from the outside world. Indeed, a measurement of the 
electrical signals or the magnetic fields arising from 
the exchanges of information between different portions 
of the circuit may provide access to pieces of 
5 confidential information which are involved in the 
protection of data by the encryption or decryption 
system. 

For example, one of the electrical signals may be 
located at the power supply contact of the circuit, 
10 whether the latter is internal or external. 

Indeed, when the digital key is used by an 
authorized component, such as a chip card, a certain 
visibility for example, on the digital key, is made 
possible by investigating such electrical signals. The 
15 sensitive electrical signals may be observed on 
different contacts of the circuit, notably connecting 
different memory or processing registers or modules. 

A digital key may thus be discovered as a result 
of accumulating electrical or magnetic signal 
20 measurements and of a statistical analysis of these 
measurements , 

More generally, any electronic circuit has an 
electrical consumption related to the operations which 
it carries out. It is possible to discover hidden 

2 5 information in the circuit by measuring this 

consumption. This problem is posed in any secured 
component and notably in components for chip cards . 

Discovery of protected data by observation of the 
current, generally requires a reproducibility of the 

3 0 current measurement in order to carry out statistical 

processing. 

Thus, when an electronic circuit executes an 
algorithm containing identical or similar and recurrent 
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operations, such as transfer of confidential data 
between registers, and where fine observation of the 
operations one by one may disclose confidential 
information, a statistical analysis based on the 
5 measurement of the aforementioned electrical currents 
may be detrimental to the security of the electronic 
circuit . 

The object of the present invention is to find a 
remedy to the problems which have just been described. 
IQ Accordingly, the invention provides a method for 

avoiding a disclosure by observation of the current, of 

protected data. 

For this purpose, the invention provides a method 
for providing security to a chaining of operations 
15 performed by an electronic circuit in the context of 
executing an algorithm which provides invisibility with 
regards to analysis of electrical signals upon data 
transfers between various registers. 

To achieve these objects, the invention provides 

2 0 insertion of dummy operations in a chaining of useful 

operations of the same type, carried out in the context 
of executing an algorithm. The dummy operations are 
very similar to the useful operations. Each dummy 
operation is inserted at a random line for each 
25 execution of the algorithm. Thus, acquisition of 
comparable current measurements becomes very difficult. 

A dummy operation may be designed as an operation 
having an identical signature or virtually very close 
to a useful operation in terms of the observable 

3 0 physical parameters associated with the execution of 

this instruction (current consumption, magnetic 
radiation, etc.). These physical parameters may notably 
be detected at a current or voltage supply terminal of 
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the circuit. In this way, the present dummy operations 
cannot be detected, sample by sample, and therefore 
they prevent any statistical analysis or at least make 
it very difficult. 
5 The invention accordingly relates to a method for 

providing security to a chaining of useful operations, 
of the same type, performed by an electronic circuit in 
the context of executing an algorithm, each of the 
useful operations corresponding to a step of the 

10 algorithm, characterized in that the method comprises 
the step consisting of randomly introducing one or 
several dummy operations, of the same type in the 
chaining of useful operations. 

A dummy operation of the same type as a useful 

15 operation may assume various forms according to the 
relevant application, from the moment that it has 
physical characteristics which appear identical or 
sufficiently close to a useful operation in order to 
make its detection difficult. As a non-limiting 

20 example, a dummy operation may be the real execution of 
a calculation, but without recording the result in 
memory, or with recording but in an inoperative memory 
for the relevant operation. 

False calculations or false subsets of operations 

2 5 may thus be introduced with the dummy operations. 

The present invention also relates to an 
electronic device for executing an algorithm, for 
example a chip card, characterized in that it 
implements the aforementioned method for providing 

30 security, possibly with the optional aspects which are 
described in what follows. 

Various aspects and advantages of the invention 
will become more clearly apparent in the following 
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description, which shows a preferred embodiment of the 
method according to the invention and which is only 
given indicatively and by no means as limiting the 
invention. 

5 According to a preferred embodiment of the 

invention, a certain number of dummy operations are 
inserted between useful operations, of the same type, 
performed by an electronic circuit in the context of 
executing an algorithm. These dummy operations are 

10 introduced in a random way: these dummy operations may 
be introduced in any useful operation associated with 
the algorithm. 

One or several dummy operations may also be found 
before the first useful operation associated with an 

15 algorithm or after the last useful operation associated 
with an algorithm. Several consecutive dummy operations 
may also be found. 

In order to provide different series of current 
measurement at each execution of a same algorithm, new 

2 0 random operations are introduced in each execution of 
an algorithm. 

However, in a preferred application, the method 
according to the invention comprises the additional 
step consisting of maintaining a constant time interval 

2 5 between the performance of two operations, whether they 

are successive useful and/or dummy operations. Thus, 
the insertion of dummy operations does not obviously 
appear upon a time investigation of the electrical 
signals associated with the useful operations performed 

3 0 by an electronic circuit in the context of executing an 

algorithm. 

Finally, it is preferable but not mandatory that 
the number of dummy operations introduced in the 
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chaining of useful operations be constant for each, new 
execution of the algorithm. Thus, the execution time of 
the algorithm in its whole is the same for each 
execution of the algorithm. The fact that dummy 
5 operations have been introduced is thus invisible upon 
a first analysis, which again provides better security 
for the chaining of useful operations. 

According to the invention, it is also possible to 
distribute the random operations only on certain 

10 portions of the algorithm. Further, the method 
according to invention may also be applied to 
algorithms, the operations of which are ordered i.e. 
the useful operations must be chained in an order which 
cannot be changed. 

15 The number of introduced dummy operations in a 

preferred application of the invention is of the order 
of 2 percent based on the total number of performed 
operations . 
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CLAIMS 

1. A method for providing security to a chaining 
of useful operations, of the same type, performed by an 
electronic circuit in the context of executing an 
algorithm, each of the useful operations corresponding 

5 to a step of the algorithm, characterized in that the 
method comprises the step consisting of introducing 
randomly one or several dummy operations of the same 
type in the chaining of operations. 

2. The method for providing security to a chaining 
10 of operations of the same type, according to claim 1, 

characterized in that the method comprises the 
additional step consisting of keeping a constant time 
interval between the performance of two successive 
useful and/or dummy operations. 

15 3. The method for providing security to a chaining 

of operations of the same type, according to any of 
claims 1 or 2 , characterized in that the number of 
dummy operations introduced in the chaining of 
operations is constant for each new execution of the 

20 algorithm. 

4. A use of the method according to any of the 
preceding claims, in the field of cryptography. 
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5 . An electronic device for executing an 
algorithm, characterized in that it implements the 
method for providing security according to any of 
claims 1 to 3 . 

6. A chip card comprising an electronic device for 
executing an algorithm, characterized in that it 
implements the method for providing security according 
to any of claims 1 to 3, 
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ABSTRACT OF THE DISCLOSURE 

METHOD FOR PROVIDING SECURITY TO A CHAINING OF 
OPERATIONS PERFORMED BY AN ELECTRONIC CIRCUIT WITHIN 
THE CONTEXT OF EXECUTING AN ALGORITHM 

The invention relates to a method for providing 
security to a chaining of useful operations of the same 
type, performed by an electronic circuit in the context 
of executing an algorithm. The method according to the 
invention involves a step consisting of randomly 
introducing one or several dummy operations in the 
chaining of operations, in order to prevent any 
fraudulent access, through a statistical analysis of 
electric currents, to protected data. 
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